💼 SA-9 (1) RISK ASSESSMENTS | ORGANIZATIONAL APPROVALS
- ID:
/frameworks/nist-sp-800-53-r4/sa/09/01
Description​
The organization: SA-9 (1)(a) Conducts an organizational assessment of risk prior to the acquisition or outsourcing of dedicated information security services; and SA-9 (1)(b) Ensures that the acquisition or outsourcing of dedicated information security services is approved by [Assignment: organization-defined personnel or roles].
Similar​
- Internal
- ID:
dec-c-bb18f135
- ID:
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|